Export limit exceeded: 346125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11162 | 2 Brainstormforce, Wordpress | 2 Spectra, Wordpress | 2026-04-22 | 6.4 Medium |
| The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12468 | 3 Funnelkit, Woocommerce, Wordpress | 3 Funnelkit Automations, Woocommerce, Wordpress | 2026-04-22 | 5.3 Medium |
| The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a public API (`public_api = true`), which results in the endpoint being registered with `permission_callback => '__return_true'`, bypassing all authentication and capability checks. This makes it possible for unauthenticated attackers to extract sensitive data including all WooCommerce coupon codes, coupon IDs, and expiration status. | ||||
| CVE-2025-12560 | 2 Blog2social, Wordpress | 2 Blog2social, Wordpress | 2026-04-22 | 4.3 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-12167 | 2 Rnzo, Wordpress | 2 Contact Form 7 Aweber Extension, Wordpress | 2026-04-22 | 4.3 Medium |
| The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_aweber_logreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the AWeber logs. | ||||
| CVE-2025-12099 | 2 Academylms, Wordpress | 2 Academy Lms, Wordpress | 2026-04-22 | 7.2 High |
| The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'import_all_courses' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2025-11894 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 5.3 Medium |
| The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings like the ServerKey and LicenseKey. | ||||
| CVE-2025-11822 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstrap_tab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-31481 | 1 Linux | 1 Linux Kernel | 2026-04-22 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback must still drain the deferred list if kthread creation never succeeds. Otherwise, boot-deferred nodes can accumulate on trigger_data_free_list, later frees fall back to synchronously freeing only the current object, and the older queued entries are leaked forever. To trigger this, add the following to the kernel command line: trace_event=sched_switch trace_trigger=sched_switch.traceon,sched_switch.traceon The second traceon trigger will fail and be freed. This triggers a NULL pointer dereference and crashes the kernel. Keep the deferred boot-time behavior, but when kthread creation fails, drain the whole queued list synchronously. Do the same in the late-init drain path so queued entries are not stranded there either. | ||||
| CVE-2018-25270 | 1 Thinkphp | 1 Thinkphp | 2026-04-22 | 9.8 Critical |
| ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges. | ||||
| CVE-2026-5377 | 1 Gitlab | 1 Gitlab | 2026-04-22 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process. | ||||
| CVE-2025-6016 | 1 Gitlab | 1 Gitlab | 2026-04-22 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain conditions. | ||||
| CVE-2026-4922 | 1 Gitlab | 1 Gitlab | 2026-04-22 | 8.1 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection. | ||||
| CVE-2026-3673 | 1 Frappe | 1 Frappe | 2026-04-22 | N/A |
| An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10. | ||||
| CVE-2026-33656 | 1 Espocrm | 1 Espocrm | 2026-04-22 | 9.1 Critical |
| EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities. Because `sourceId` is concatenated directly into a file path with no sanitization in `EspoUploadDir::getFilePath()`, an attacker can redirect any file read or write operation to an arbitrary path within the web server's `open_basedir` scope. Version 9.3.4 fixes the issue. | ||||
| CVE-2026-40937 | 1 Rustfs | 1 Rustfs | 2026-04-22 | 8.3 High |
| RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase correctly calls `validate_admin_request` with a specific `AdminAction`. This is the only admin handler file that skips authorization. A non-admin user can overwrite a shared admin-defined notification target by name, causing subsequent bucket events to be delivered to an attacker-controlled endpoint. This enables cross-user event interception and audit evasion. 1.0.0-alpha.94 contains a patch. | ||||
| CVE-2026-41166 | 1 Openremote | 1 Openremote | 2026-04-22 | 7 High |
| OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to the identity provider but does not check that the caller may administer that realm. This could result in a privilege escalation to `master` realm administrator if the attacker controls any user in `master` realm. Version 1.22.1 fixes the issue. | ||||
| CVE-2026-40882 | 1 Openremote | 1 Openremote | 2026-04-22 | 7.6 High |
| OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixes the issue. | ||||
| CVE-2026-3950 | 1 Struktur | 1 Libheif | 2026-04-22 | 3.3 Low |
| A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet. | ||||
| CVE-2026-3951 | 1 Lockerproject | 1 Locker | 2026-04-22 | 4.3 Medium |
| A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3954 | 1 Openbmb | 1 Xagent | 2026-04-22 | 6.5 Medium |
| A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument file_name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||